Loading ...
Loading ...
Loading ...
170
9. Authentication
• Enter the Server Address (IP or host name) of the remote authentication server. Multiple remote servers may be specified
in a comma-separated list. Each server is tried in succession.
• Check the Server Protocol box to select if SSL is to be used and/or enforced for communications with the LDAP server.
Console servers running firmware version 3.11 and above offer three options for LDAPS (LDAP over SSL):
o LDAP over SSL preferred: will attempt to use SSL for authentication. If it fails, it will default to LDAP without SSL. For
example, LDAP over SSL may fail due to certificate errors or the LDAP server cannot be contacted on the LDAPS port.
o LDAP over SSL only: will configure the Tripp Lite device to only accept LDAP over SSL. If LDAP over SSL fails, you will
only be able to log into the console server as root.
o LDAP (no SSL) only: will configure the Tripp Lite device to only accept LDAP without SSL. If LDAP without SSL fails, you
will only be able to log into the console server as root.
• The Ignore SSL Certificate Error checkbox enables you to ignore SSL certificate errors, in effect allowing LDAP over SSL
to work, regardless of these errors. You can use any certificate, self-signed or otherwise, on the LDAP server without having
to install any certificates on the console server. If this setting is not checked, you must install the CA (certificate authority)
certificate with which the LDAP server’s certificate was signed onto the console server. For example, the LDAP server
provides a certificate signed myCA.crt.
Note: The certificate needs to be in CRT format and myCA.crt needs to be installed on console server at /etc/config/ldaps_ca.crt. Also, the
file name must be ldaps_ca.crt. You will need to copy the file to this location and manually name using ‘scp’ or the like. Some examples
include:
scp /local/path/to/myCA.c
rt root@console_server:/etc/config/ldaps_ca.crt
Loading ...
Loading ...
Loading ...